On Aug 29, 2014, at 10:30 AM, Watson Ladd <watsonbladd at gmail.com> wrote:
> On Fri, Aug 29, 2014 at 10:17 AM, Tao Effect <contact at taoeffect.com> wrote:
>> I had checked the website the day prior to those tweets. Cert change
>> appeared a day later. That is why I was (and am still) convinced that it was
>> a MITM attack.
>> Where the website owner confirmed that the new cert was correct?
Yes, see the tweets. It was an example of a revoked certificate being used in place of the new one (possibly compromised because of HeartBleed). Neither Chrome nor Firefox can reliably check to see if a certificate is revoked.
> The basic problem is that the only individual who knows what keys
> should be associated with them, is the individual who owns the private
> keys. And so you need to have a consistent, global view of that map,
> which can get occasionally updated and have them check the correctness
> of this map.
Yes, such a mapping is called "The Blockchain". :-)
DNSChain makes that mapping accessible to all devices (without needing to run a node or store the blockchain locally):
https://github.com/okTurtles/dnschain
Kind regards,
Greg Slepak
--
Please do not email me anything that you are not comfortable also sharing with the NSA.
>>>>> This event serves as a real-world example of the community's reaction to
>> MITM attacks. It highlights extreme skepticism and apathy in spite of clear
>> evidence of a MITM attack.
>>>> Only major CA compromises that have affected giant companies (like Google)
>> get press.
>>>> This example shows that people on this list could be MITM attacked right
>> now, and in the unlikely event that they detected it, it may not matter
>> much. That is why I prefer systems that prevent MITM attacks from happening
>> in the first place, and without any ambiguity.
>> What's the difference between the key associated to
>watsonbladd at gmail.com changing because I forgot a passphrase and
> changing because it's been MITM'd? If you want to make addresses keys,
> then you introduce a different set of problems, where the address
> associated to an individual is changed.
>> The basic problem is that the only individual who knows what keys
> should be associated with them, is the individual who owns the private
> keys. And so you need to have a consistent, global view of that map,
> which can get occasionally updated and have them check the correctness
> of this map.
>> Sincerely,
> Watson Ladd
>>>>> Cheers,
>> Greg Slepak
>>>> --
>> Please do not email me anything that you are not comfortable also sharing
>> with the NSA.
>>>>>>>> _______________________________________________
>> Messaging mailing list
>>Messaging at moderncrypto.org>>https://moderncrypto.org/mailman/listinfo/messaging>>>>>> --
> "Those who would give up Essential Liberty to purchase a little
> Temporary Safety deserve neither Liberty nor Safety."
> -- Benjamin Franklin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140829/b8502917/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140829/b8502917/attachment.sig>